← All glossary terms Glossary

What is Extended Detection and Response (XDR)?

Detection and response across multiple security data sources — endpoints, email, identity, cloud — combined into one platform.

Extended Detection and Response (XDR) takes the EDR idea and extends it across additional signal sources: email, identity providers, cloud workloads, network telemetry, and more. The goal is to correlate signals across those sources so attacks that touch multiple systems are caught earlier. The term is heavily used by vendors, often to describe what is really a tightly integrated EDR plus SIEM. Buyer-side, the practical question is: does the platform actually correlate across sources, or is it just a unified dashboard?

  • Correlates signals across endpoint, email, identity, and cloud rather than treating each in isolation.
  • Aims to catch multi-stage attacks that touch several systems and slip past single-source tools.
  • Vendor definitions vary widely — the test is whether it truly correlates sources or just shows them on one screen.

En français

Détection et réponse étendues (XDR)

La détection et l'intervention couvrant plusieurs sources de données de sécurité — terminaux, courriel, identités, infonuagique — réunies dans une seule plateforme.

La détection et réponse étendues (XDR) reprend le principe de l'EDR et l'étend à d'autres sources de signaux : courriel, fournisseurs d'identité, charges de travail infonuagiques, télémétrie réseau, et plus encore. L'objectif est de corréler ces signaux afin de repérer plus tôt les attaques qui touchent plusieurs systèmes. Côté acheteur, la vraie question est : la plateforme corrèle-t-elle réellement les sources, ou s'agit-il simplement d'un tableau de bord unifié?

Extended Detection and Response (XDR): frequently asked questions

What is the difference between XDR and EDR?

EDR focuses on endpoints — laptops, servers, workstations. XDR extends that idea across more sources like email, identity, and cloud, and tries to connect the dots between them so cross-system attacks are caught earlier.

Is XDR the same as a SIEM?

They overlap. A SIEM ingests logs from almost anything and is highly customizable but needs heavy tuning; XDR is usually a more turnkey, vendor-integrated correlation across a fixed set of sources. Many modern platforms blur the line.

Want to talk through how this fits your environment?

Book a no-obligation consultation and we'll explain how this plays out for an organization like yours.

Talk to our team